1401469 – hammer filter info does not return organizations and locations

Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1401469 - hammer filter info does not return organizations and locations

Summary: hammer filter info does not return organizations and locations

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Hammer
Sub Component:
Version:	6.3.0
Hardware:	x86_64
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	Unspecified
Assignee:	Tomas Strachota
QA Contact:	Nikhil Kathole
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-12-05 11:33 UTC by Djebran Lezzoum
Modified:	2019-04-01 20:27 UTC (History)
CC List:	8 users (show)
Fixed In Version:	hammer-cli-foreman 0.11.0
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-02-21 17:06:33 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Foreman Issue Tracker	17730	None	None	None	2016-12-19 10:07:58 UTC
Foreman Issue Tracker	20117	None	None	None	2017-06-27 09:04:34 UTC
Red Hat Bugzilla	1486227	medium	CLOSED	Taxonomies of role filter are not updating through Hammer CLI	2021-02-22 00:41:40 UTC

Internal Links: 1486227

Description Djebran Lezzoum 2016-12-05 11:33:35 UTC

Description of problem:
when creating filter role permissions for organizations or/and locations hammer command:
hammer filter info does not return organizations or/and locations  

Version-Release number of selected component (if applicable):
* candlepin-0.9.54.13-1.el7.noarch
* candlepin-selinux-0.9.54.13-1.el7.noarch
* foreman-1.13.1-1.el7.noarch
* foreman-compute-1.13.1-1.el7.noarch
* foreman-debug-1.13.1-1.el7.noarch
* foreman-discovery-image-3.1.1-17.el7sat.noarch
* foreman-ec2-1.13.1-1.el7.noarch
* foreman-gce-1.13.1-1.el7.noarch
* foreman-installer-1.13.1-1.el7.noarch
* foreman-installer-katello-3.2.0-3.rc4.el7.noarch
* foreman-libvirt-1.13.1-1.el7.noarch
* foreman-openstack-1.13.1-1.el7.noarch
* foreman-ovirt-1.13.1-1.el7.noarch
* foreman-postgresql-1.13.1-1.el7.noarch
* foreman-proxy-1.13.1-1.el7.noarch
* foreman-rackspace-1.13.1-1.el7.noarch
* foreman-selinux-1.13.1-1.el7.noarch
* foreman-vmware-1.13.1-1.el7.noarch
* katello-3.2.0-3.rc3.el7.noarch
* katello-certs-tools-2.4.0-1.el7sat.noarch
* katello-client-bootstrap-1.1.0-2.el7sat.noarch
* katello-common-3.2.0-3.rc3.el7.noarch
* katello-debug-3.2.0-3.rc3.el7.noarch
* katello-default-ca-1.0-1.noarch
* katello-installer-base-3.2.0-3.rc4.el7.noarch
* katello-selinux-3.0.1.2-1.el7sat.noarch
* katello-server-ca-1.0-1.noarch
* katello-service-3.2.0-3.rc3.el7.noarch
* openldap-2.4.40-13.el7.x86_64
* pulp-client-1.0-1.noarch
* pulp-docker-plugins-2.0.3-1.el7sat.noarch
* pulp-katello-1.0.2-1.el7.noarch
* pulp-ostree-plugins-1.1.3.1-1.el7sat.noarch
* pulp-puppet-plugins-2.9.1-1.el7.noarch
* pulp-puppet-tools-2.9.1-1.el7.noarch
* pulp-rpm-plugins-2.9.1-1.el7.noarch
* pulp-selinux-2.9.1-1.el7.noarch
* pulp-server-2.9.1-1.el7.noarch
* python-ldap-2.4.15-2.el7.x86_64
* tfm-rubygem-ldap_fluff-0.4.3-1.el7sat.noarch
* tfm-rubygem-net-ldap-0.15.0-1.el7.noarch

How reproducible:
Always


Steps to Reproduce:
1. create a role-1
   hammer --output=csv role create --name="role-1" 
   > Message,Id,Name
   > User role [role-1] created,175,role-1
2. create an org-1
   hammer --output=csv organization create --name="org-1"
   > Message,Id,Name
   > Organization created,521,org-1
3. create loc-1
   hammer --output=csv location create --name="loc-1"
   > Message,Id,Name
   > Location created,522,loc-1
4. create role-1 permissions for org-1 and loca-1
    hammer --output=csv filter create --organization-ids="521" --role-id="175" --location-ids="522" --permissions="view_users,create_users,edit_users,destroy_users"
    > Message,Id
    > Permission filter for [User] created,457
5. request filter info of the created filter
   hammer filter info --id="457"


Actual results:
Id:            457
Resource type: User
Search:        none
Unlimited?:    yes
Role:          role-1
Permissions:   view_users, create_users, edit_users, destroy_users
Created at:    2016/12/05 11:01:38
Updated at:    2016/12/05 11:01:38


Expected results:
Id:            457
Resource type: User
Search:        none
Unlimited?:    yes
Role:          role-1
Permissions:   view_users, create_users, edit_users, destroy_users
Locations:
    loc-1
Organizations:
    org-1
Created at:    2016/12/05 11:01:38
Updated at:    2016/12/05 11:01:38

Additional info:
1.the expected results are returned successfully under 6.1 and 6.2
2.creating role permissions for organizations or locations alone also does not return Organizations or Locations

Comment 2 Marek Hulan 2016-12-16 17:07:21 UTC

I don't think this is a bug. In 6.3, the filter inherits orgs and locs from it's role unless you make it overriding. Therefore you should either update the hammer command so it includes "--override true" or assign the org and loc on role level.
I'd suggest consulting this with Kedar who tested the Org admin feature and might have already automated this too.

Tomas, how complicated would it be to add a custom warning to the filter create hammer command that would be printed only if the override value was not set but some orgs/locs were specified? If it's doable relatively easily I think that would be the right fix for this usability issue. Also I'm happy to do it if you provide me a guidance.

Comment 3 Tomas Strachota 2016-12-19 10:07:58 UTC

It should be relatively simple. 4 lines of code for create command, a bit more for update. I created and attached upstream issue.

I think we should improve parameter descriptions in API too, because at the moment they don't mention relation between orgs/locs and override either.

Comment 4 Bryan Kearney 2016-12-19 11:19:16 UTC

Upstream bug assigned to tstrachota

Comment 5 Bryan Kearney 2016-12-19 11:19:20 UTC

Upstream bug assigned to tstrachota

Comment 6 Bryan Kearney 2016-12-21 09:19:45 UTC

Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/17730 has been resolved.

Comment 7 Djebran Lezzoum 2017-06-23 07:20:15 UTC

after the fix when creating the organizations and locations are returned
>>> hammer -v --output=csv filter create --override="1" --organization-ids="544" --role-id="161" --location-ids="545" --permissions="view_users,create_users,edit_users,destroy_users"
<<<
Message,Id
Permission filter for [User] created,546

>>> hammer filter info --id="546"
<<<
Id:            546
Resource type: User
Search:        none
Unlimited?:    no
Override?:     yes
Role:          i4LRib
Permissions:   view_users, create_users, edit_users, destroy_users
Locations:     
    JcvflQFNae
Organizations: 
    ltUeA0
Created at:    2017/06/23 07:08:03
Updated at:    2017/06/23 07:08:03
_______________________________________________________________________

But when updating the fields Locations and Organizations are not returned

>>> hammer filter update --organization-ids="546" --override="1" --location-ids="547" --id="546" --permissions="view_users,create_users,edit_users,destroy_users"
<<<
Message,Id
Permission filter for [User] updated,546

>>> hammer filter info --id="546"
<<<
Id:            546
Resource type: User
Search:        none
Unlimited?:    yes
Override?:     yes
Role:          i4LRib
Permissions:   view_users, create_users, edit_users, destroy_users
Created at:    2017/06/23 07:08:03
Updated at:    2017/06/23 07:08:36

Comment 8 Tomas Strachota 2017-06-27 09:04:35 UTC

I found out the functionality for resetting taxonomies when switching override to false is broken and erases them even when override is true.

See http://projects.theforeman.org/issues/20117 for more details.

I have a patch ready, switching the bug back to Assigned.

Comment 9 Ivan Necas 2017-08-08 08:36:10 UTC

Marking the BZ as post, as the new patch was merged upstream

Comment 11 Tomas Strachota 2017-08-08 09:29:59 UTC

The change has been released with hammer-cli-foreman 0.11.0 and it will be rebased.

Comment 12 Nikhil Kathole 2017-09-24 10:23:42 UTC

VERIFIED

Version Tested:
Satellite-6.3 Snap 17

steps:

# hammer --output=csv role create --name="role-1"
Message,Id,Name
User role [role-1] created,25,role-1

# hammer --output=csv organization create --name="org-1"
Message,Id,Name
Organization created,4,org-1

# hammer --output=csv location create --name="loc-1"
Message,Id,Name
Location created,5,loc-1

# hammer --output=csv filter create --organization-ids="4" --role-id="25" --location-ids="5" --permissions="view_users,create_users,edit_users,destroy_users"
Could not create the permission filter:
  Error: Organizations and locations can be set only for overriding filters
  
  See: 'hammer filter create --help'

# hammer --output=csv filter create --organization-ids="4" --role-id="25" --location-ids="5" --permissions="view_users,create_users,edit_users,destroy_users" --override true
Message,Id
Permission filter for [User] created,270

# hammer filter info --id="270"
Id:            270
Resource type: User
Search:        none
Unlimited?:    no
Override?:     yes
Role:          role-1
Permissions:   view_users, create_users, edit_users, destroy_users
Locations:     
    loc-1
Organizations: 
    org-1
Created at:    2017/09/24 10:10:25
Updated at:    2017/09/24 10:10:25

________________________________________________________________________________

When update org/loc >>>

# hammer filter update --organization-ids="1" --override true --location-ids="2" --id="270" --permissions="view_users,create_users,edit_users"
Permission filter for [User] updated

# hammer filter info --id="270"
Id:            270
Resource type: User
Search:        none
Unlimited?:    no
Override?:     yes
Role:          role-1
Permissions:   view_users, create_users, edit_users
Locations:     
    Default Location
Organizations: 
    Default Organization
Created at:    2017/09/24 10:10:25
Updated at:    2017/09/24 10:15:58


Hammer filter info successfully showed org and loc. When there is org and loc parameter and --override value is not set, it showed warning("Organizations and locations can be set only for overriding filters") as per comment #2. After updating org/loc, hammer filter info showed org/loc.

Comment 13 Bryan Kearney 2018-02-21 17:06:33 UTC

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:0336

Note You need to log in before you can comment on or make changes to this bug.